Oracle Database Server RAS Security Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the RAS Security component of Oracle Database Server. Affected versions include 19.3 through 19.26, 21.3 through 21.17, and 23.4 through 23.7. This vulnerability allows a low-privileged attacker with User Account privileges and network access via Oracle Net to compromise RAS Security. Exploitation requires human interaction from a third party. Successful attacks could lead to unauthorized creation, deletion, or modification of critical data, or all data accessible through RAS Security, as well as unauthorized access to critical data or complete access to all RAS Security accessible data.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical data or complete access to all RAS Security accessible data, as well as unauthorized creation, deletion, or modification of critical data or all RAS Security accessible data.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 5.0
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.